Rewrite the Coding Rules

Security is a problem in technology. Whether it's technological misconfiguration, social engineering, or brute force attacks, we see a constant stream of headlines about security issues. The situation is not likely to change anytime soon as security isn't seen as a priority by many companies. If that's the case, then is there anything that can be done to improve security?

Security expert Dan Kaminsky says that we need a fundamental change in the way we write code. By rewriting the way that code is developers, rewriting the rules, we can reduce the vulnerabilities in our applications. One theory is that our languages and the coding techniques used are making it entirely too easy for vulnerabilities to creep into code.

It's an interesting theory, especially these days when it seems so many of our applications are under attack. I suspect that we have lots of poor habits ingrained in many developers. People are loathe to change and they like to continue working in ways that have worked for them. However the world of security in software changes constantly. What might have made you a very effective and productive developer five years ago might make you a liability today.

I believe that we need to somehow build new coding methods, but even more importantly I think people that provide sample code and framework need to do so in a way that showcases best practices and good habits from a security perspective. That includes presenters, who should never show security issues, even if it's for the sake of simplicity. Raise the bar and your audience will come along with you.